Cisco Cisco Packet Data Gateway (PDG) Guia De Resolução De Problemas
CSCF Security Configuration Mode Commands
▀ per-ip-failure-limit
▄ Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
per-ip-failure-limit
Sets a failure limit that, when exceeded, causes the suspension of registration attempts for the offending IP address.
Important:
The system will ignore the configuration of this command unless the
command
has been enabled.
Product
SCM (P-CSCF, A-BG)
Privilege
Security Administrator, Administrator
Syntax
Default: 100
Defines the threshold for registration failures based on a calculation using weighted multipliers defined in
Defines the threshold for registration failures based on a calculation using weighted multipliers defined in
and
.
must be an integer from 5 to 10,000.
Sets /restores the default value assigned to the specified command.
Usage
Use this command to set a failure limit for registration attempts from an identified IP address. The following
calculation determines when this threshold is reached for any IP address:
Current authorization failures ÷
calculation determines when this threshold is reached for any IP address:
Current authorization failures ÷
= current failures per AoR
or
Total bad registration requests ÷
Total bad registration requests ÷
= current failures per AoR
If
= and
= , and the
=
, then the tolerance for registration authentication failures = 100 per each IP address and the tolerance
for bad registration requests = 200 per each IP address.
When an IP address reaches the failure limit, it is added to a ―grey list‖ for a period of time as defined by the
When an IP address reaches the failure limit, it is added to a ―grey list‖ for a period of time as defined by the
command.
Example
The following command sets the IP address registration failure limit to
The following command sets the IP address registration failure limit to
: